GHSA-w6ww-fmfx-2x22

Source
https://github.com/advisories/GHSA-w6ww-fmfx-2x22
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-w6ww-fmfx-2x22/GHSA-w6ww-fmfx-2x22.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w6ww-fmfx-2x22
Aliases
Published
2021-11-10T19:56:04Z
Modified
2023-11-08T04:06:29.855152Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Summary
Misconfigured IP address field in ROA leads to OctoRPKI crash
Details

If the ROA that a repository returns contains too many bits for the IP address, OctoRPKI will crash.

Patches

For more information

If you have any questions or comments about this advisory, email us at security@cloudflare.com.

Database specific
{
    "nvd_published_at": "2021-11-11T22:15:00Z",
    "github_reviewed_at": "2021-11-10T18:14:59Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20",
        "CWE-252"
    ]
}
References

Affected packages

Go / github.com/cloudflare/cfrpki

Package

Name
github.com/cloudflare/cfrpki
Purl
pkg:golang/github.com/cloudflare/cfrpki

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4.0